Tagdiv

Tagdiv Composer

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-50005

  • EPSS 0.03%
  • Veröffentlicht 22.01.2026 16:51:44
  • Zuletzt bearbeitet 26.01.2026 23:15:57

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.

7.1

CVE-2025-62031

  • EPSS 0.05%
  • Veröffentlicht 06.11.2025 15:55:28
  • Zuletzt bearbeitet 20.01.2026 15:17:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.

6.5

CVE-2025-62030

  • EPSS 0.05%
  • Veröffentlicht 06.11.2025 15:55:27
  • Zuletzt bearbeitet 20.01.2026 15:17:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.

6.1

CVE-2025-2806

  • EPSS 0.53%
  • Veröffentlicht 08.05.2025 11:23:40
  • Zuletzt bearbeitet 04.06.2025 22:53:20

The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This...

5.4

CVE-2025-3510

  • EPSS 0.15%
  • Veröffentlicht 02.05.2025 03:21:18
  • Zuletzt bearbeitet 06.05.2025 15:19:30

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

9.8

CVE-2024-13645

  • EPSS 2.23%
  • Veröffentlicht 04.04.2025 05:22:44
  • Zuletzt bearbeitet 07.04.2025 14:18:15

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is...

6.1

CVE-2025-1705

  • EPSS 0.25%
  • Veröffentlicht 28.03.2025 08:23:44
  • Zuletzt bearbeitet 28.03.2025 18:11:40

The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for ...

6.1

CVE-2025-2804

  • EPSS 0.48%
  • Veröffentlicht 28.03.2025 05:23:44
  • Zuletzt bearbeitet 28.03.2025 18:11:40

The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_username' parameters in all versions up to, and including, 5.3 due to insufficient input sanitiza...

6.1

CVE-2024-3886

  • EPSS 0.97%
  • Veröffentlicht 31.08.2024 05:15:13
  • Zuletzt bearbeitet 03.09.2024 18:48:14

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_e...

6.1

CVE-2024-5212

  • EPSS 0.84%
  • Veröffentlicht 31.08.2024 05:15:13
  • Zuletzt bearbeitet 03.09.2024 20:45:20

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_registe...